LSTM-Based Detection of OT Cyber-Attacks for an Offshore HVAC-Cooling Process

Ligia Soster Ramos, Zhenyu Yang*

*Corresponding author for this work

Research output: Contribution to book/anthology/report/conference proceeding › Article in proceeding › Research › peer-review

Abstract

This work explored the possibility of using a deep machine learning method for cost-effective development of an Intrusion Detection System (IDS) for an offshore Operational Technology (OT) cooling process driven by an HVAC system. Two types of cyber-attacks, namely Man-in-the-Middle (MitM) and Denial-of-Service (DoS) attacks, are considered at different intruding locations within a Modbus-based Supervisory-Control-And-Data-Acquisition (SCADA) and Programmable Logic Controller (PLC) network. Using a Long Short-Term Memory Neural Network (LSTM-NN) as a middle layer, the IDS is developed as a multi-layer feature classifier consisting of sequential input, LSTM, dense, softmax and classifier layers. Training and testing data are produced from a corresponding simulation system. The IDS uses measurements from the running system (i.e., compressor status) and the relevant process (i.e., ambient and room temperatures), along with network information, to monitor in real time for abnormal behaviors induced by dedicated cyber-attacks. All considered attack scenarios can be successfully detected by the developed IDS within 2 min after the attack occurs. There is only one situation in which the IDS cannot identify whether the abnormal phenomenon is caused by a MitM(2) or a DoS attack, due to the lack of extra signals to distinguish them. In general, this study showed a clear benefit for cost-effective development of an OT IDS using the machine learning method, subject to the availability of sufficient, high-quality data.

Original language: English
Title of host publication: 2023 IEEE 6th International Conference on Electronic Information and Communication Technology (ICEICT)
Number of pages: 6
Publisher: IEEE
Publication date: 2023
Pages: 943-948
Article number: 10245766
ISBN (Print): 979-8-3503-9906-6
ISBN (Electronic): 979-8-3503-9905-9
Publication status: Published - 2023
Event: 6th IEEE International Conference on Electronic Information and Communication Technology, ICEICT 2023 - Qingdao, China
Duration: 21 Jul 2023 to 24 Jul 2023

Conference

Conference: 6th IEEE International Conference on Electronic Information and Communication Technology, ICEICT 2023
Country/Territory: China
City: Qingdao
Period: 21/07/2023 to 24/07/2023
Series: IEEE International Conference on Electronic Information and Communication Technology
ISSN: 2836-7774

Bibliographical note

Publisher Copyright:
© 2023 IEEE.

Keywords

  • cyber-attacks
  • intrusion detection system
  • off-shore HVAC
